The real threats SMEs face

Enterprise IT News relooks at cybersecurity with Shishir Singh, Executive Vice President and Chief Technology Officer, BlackBerry.

EITN: What are the advanced technologies that cybercriminals are adopting to evade detection?

Shishir: Increasingly complex and sophisticated cyberthreats are changing the way organisations approach cybersecurity. Attackers will continue to exploit events that cause organisations to be more vulnerable than usual. This applies to both unforeseen global crises like COVID-19 and more predictable occurrences like scheduled holidays. When an organisation’s security operations are disrupted, it is more likely to draw the attention of threat actors who sense an opportunity.

The 2022 BlackBerry Threat Report highlights the many ways threat actors continue mimicking the successful strategies and trends they observe in the business world. For example, we are seeing more malware built to run in cloud architectures. Offerings like ransomware-as-a-service and malicious infrastructure-as-a-service are growing. Initial Access Brokers (IABs) have emerged to help common criminals execute more successful campaigns by selling illegitimate access to corporate networks, and to aid nation states and other powerful organisations seeking to conduct cyberattacks surreptitiously and maintain plausible deniability.

Meanwhile, new programming languages like Go, D, Nim, and Rust are surfacing across the threat landscape, resulting in tools like Cobalt Strike, which can be used to command-and-control networks to proliferate malware and attacks.

Other technologies are ransomware tools in the form of info stealers. One such example is Ficker, a malicious infostealer sold and distributed on underground Russian forums and used to direct victims to pages purportedly offering free downloads of legitimate paid services like Spotify and YouTube Premium.

In fact, ransomware has continued to take centre stage over the last year. The double extortion strategy of ransom and data exfiltration has now become the norm. In fact, the trend has escalated, with instances of triple (adding harassment) and quadruple (disruptive attacks such as DDoS) extortion occurring. As a result of these expanding threat actor strategies, there is an increasing spike in public data leakage.

After all, cybercrime is borderless and there should be no doubt in anyone’s mind that the private and public sector must cooperate on an international stage to share actionable intelligence against the scourge of ransomware. In fact, Singapore’s recent announcement of a new ransomware taskforce is an example of how the government is taking steps to strengthen the country’s cybersecurity posture. It’s a great example of private and public sector collaboration.

As adversaries continue to take advantage of cyber gaps in critical infrastructure, businesses and communities, these measures underline the opportunity for any organisation – not only critical infrastructure operators – to take advantage of AI, cloud, and data science to anticipate, prevent, detect, and recover from cyberthreats.

EITN: Of the 96 percent of the threat landscape you secure, can you share a summary of the profiles of this 96 percent? Industries, revenues, aka what is at stake?

Shishir: BlackBerry solutions can address 96 percent of the enterprise threat landscape, according to an independent Frost & Sullivan report. The report found that BlackBerry provides broad coverage for any industry that relies on endpoints, noting that industries with a higher proportion of new endpoints and devices, such as bring-your-own and enterprise devices, pose a security challenge across virtually every market. In any enterprise, a user’s personal or company-issued device will be in contact with numerous other devices and systems. For example, third-party apps are a potential vector for malware; Apple blocked 1.6 million problematic new mobile applications in 2021. Any one of these intersections is an open vulnerability through which a threat actor can gain access to important company information or systems, with significant damage occurring in the months it often takes to detect a security breach.

BlackBerry is also securing 92 percent of the world’s top electric automakers’ cars. The industry is undergoing a disruptive transformation, with automakers partnering with—and even becoming—tech companies, and cars evolving into connected, mobile platforms, and cybersecurity is rapidly becoming inseparable from almost any aspect of vehicle operation.

Like any IoT device, connected cars come with the risk of data breaches and hacks. While there is no documented incident of a real-life remote hack of a vehicle in motion, researchers working in controlled conditions have shown that it is possible. There are three main actions that cybercriminals could take when hacking connected cars, such as remotely taking over critical vehicle functions, stealing personal information flowing between connected cars and the cloud, and accessing the business systems of the connected car’s OEM, suppliers or service providers.

The potential impact of an attack is far greater than monetary losses. A successful cyberattack can affect a business’ bottom line, its reputation, and consumer trust, not to mention financial ramifications in the form of lawsuits and fines from regulators. And in the area of connected vehicles, a breach has even greater implications—the loss of life.

EITN: You have talked about SMEs suffering more cyberthreats per device than larger enterprises. What is the solution for this? And how are AI and shared services shaping the cybersecurity landscape for resource-strapped SMEs?

Shishir: Internationally, malicious hacking attempts occur every 39 seconds. BlackBerry has found that small to medium businesses face an average of 11 to 13 threats per device, a much higher number than larger enterprises, suggesting increased targeting. There are more than 450,000 new malware and potentially unwanted applications recorded each day. This makes it impossible for traditional signature-based detection solutions to keep up.

What should give us pause is the fact that many SMEs today still rely on legacy antivirus software and infrastructure which no longer have sufficient capability to combat cybercriminals’ sophisticated methods. Businesses also struggle to find sufficiently skilled cybersecurity personnel to manage an effective security posture as attacks move at speed.

Businesses are beginning to recognise that to address the skills shortage amidst the increasing scale of threats, it is now necessary to rely on services such as managed Extended Detection and Response (XDR) to gain enterprise-grade cybersecurity protection and tools at a fraction of the cost, thanks to the shared service model. Using AI and Machine Learning, XDR gathers enriched threat intelligence across the entire attack surface and contextualises it to improve human and automated response actions.

A cybersecurity analyst will lose valuable time sifting through hundreds or thousands of alerts. In fact, it’s a feat that’s not sustainable, whether it’s an SME or enterprise, whereas managed XDR provides automated 24/7 threat monitoring and a team of experienced technical experts to provide oversight. A prevention-first model, leveraging AI and shared services like XDR, not only protects data and endpoints, but helps SMEs save time and money.

EITN: Please share the top three lessons learnt as a former secure device maker that BlackBerry is considering when they bring their cybersecurity services to the table.

Shishir: I won’t necessarily attribute BlackBerry’s evolution to lessons. Rather, the independence, mobile security, and privacy that many people associate with BlackBerry devices remain strong with us to this day.

In this crowded landscape, BlackBerry is not focused on catching up with the competition, but leap-frogging them. BlackBerry has invested and invented our way to leadership positions in cybersecurity, encrypted voice and digital communications, automotive safety, and connected systems and devices.

BlackBerry’s solutions began in the world of portable electronics, and this thread continues through our wide array of solutions that go beyond innately securing devices to the systems that those devices use and the information that they share. The fundamentals are quite similar – customers expect security from us in software, rather than a handset, and we’ve always been known to provide a secure and reliable system.

We believe that security and information privacy are vital, and we bring that spirit of invention and innovation to all our cybersecurity solutions and services. Today, we secure 96 percent of the threat landscape, preventing more than 165 million cyberattacks in 2021 alone. We securely connect more than 500 million mobile, desktop and IoT endpoint devices. Our safety-certified software is used in over 195 million vehicles – including those from 24 of the top 25 electric vehicle (EV) manufacturers, and we continue to expand into new markets with new capabilities and innovation. This includes the 2,000 patents awarded to us in the last year.

An example of innovation is how we’re looking at our approach to cybersecurity by being predictive and prescriptive with AI and Machine Learning. Predictive analytics finds potential outcomes, while prescriptive analytics examines those outcomes to discover solutions.

In the cybersecurity context, we are innovating in AI and ML to play an important role in threat detection because humans simply can’t address every threat or alert of a threat. Instead, we are focused on using AI and ML technologies to examine the ‘normal’ behaviour of the organisation and its users, and then either detect anomalies that do not match the behaviour of any user within the organisation, and/or make predictions as to whether a particular networking behaviour has lower or higher probability of being associated with a particular user.

EITN: Are managed services affordable for SMEs? What enterprise-level features/services are you bringing to SMEs?

Shishir: Threat detection tools have been both costly and complex to implement, so cybersecurity can feel a bit unattainable to the average SME. Fortunately, there are SME-friendly options on the market. For example, we have developed a solution to help businesses of all sizes navigate this new and, for many, still uncharted terrain of managed XDR cybersecurity.

Through our partnership with Exabeam, we’ve made updates to our subscription-based 24×7 MDR (managed detection and response) service, BlackBerry CylanceGUARD, to now deliver powerful, affordable managed XDR protection that is available to organisations of all sizes.

With a single service offering that provides end-to-end managed XDR capabilities, CylanceGUARD offers an empowering solution that delivers the elusive trifecta that organisations seek from their security providers: the best possible protection, in an approach that is both easy and affordable enough for businesses of all sizes to take advantage.

EITN: Any case studies or war stories of businesses who do not do enough?

Shishir: For many organisations, the pandemic brought home the reality that massively disruptive critical events can happen at any time. The pandemic, however, wasn’t the only disruption in the last 12 months. Supply chain disruptions, civil unrest, utility outages, natural and man-made disasters, and even extreme weather were consistently occurring throughout the year, and throughout the world.

There were several high-profile cybersecurity incidents reported in 2021. Many organisations, unfortunately, are ill-prepared for these kinds of critical events. The headline-grabbing attacks on supply chains and critical infrastructure have raised some serious questions for organisations worldwide.

For example, GDEX, a leading express delivery service provider in Malaysia, saw some attempts to compromise the organisation’s security, among the many challenges that already disrupt the logistics and the supply chain industry. They identified that the signature-based software they were using was no longer adequately protecting the organisation and deployed BlackBerry’s AI-driven solutions, CylanceOPTICS and CylancePROTECT, to defend against malware infection and potential data breaches.

To address similar cyber incidents, forward-looking organisations are investing in recruitment, training, and equipping their security analysts to staff “fusion” operation centres. These centres handle critical events related to cybersecurity and IT as well as non-technical issues. Their fused responsibilities extend to critical events traditionally managed by an emergency operations centre, such as civil unrest, natural disasters, and safety incidents.

They can also use prevention-first technology, migrate to an XDR platform, or engage a managed XDR team. XDR can offer organisations around-the-clock access to seasoned cybersecurity professionals using AI and ML to model normal behaviour of the organisation and its users. An example is Indonesia’s leading and largest taxi operator, Bluebird Group (Bluebird), which wanted to pivot to digital to stay competitive with modern ride-sharing services.

Bluebird needed round-the-clock support for a highly mobile, fast-growth business that needed to secure data, and they turned to BlackBerry. The partnership with BlackBerry has given Bluebird access to smart, AI-based machine learning and a fully dedicated external security team to create new efficiencies so they can focus on the business, knowing they have a fully dedicated security team to take care of external threats around the clock.